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receiving at the resource server authentication data for a user from a 
client terminal of the user and validating at the resource server said 
authentication data by reference to said stored authentication details; 
storing at the resource server: 

(1) airyidentifier for the client terminal, the identifier indicating 
said terminal tabe a currently authenticated terminal; and 

(2) the access status of the user of the currently authenticated 
terminal; and 

enabling said resourck server to validate a request for said document 
from the client terminal of said user, which request includes said identifier, by 
checking that said stored access \tatus includes said document. 




2. (Twice Amended) Aynethod according to claim 1, wherein said 
identifier is transmitted in a cookie to said client terminal. 

3. (Thrice Amended) A method according to claim 1, wherein said 
identifier is received from said client terminal with said authentication data. 



4. (Twice Amended) A method according to claim 3, wherein a 
new identifier is issued to said client terminal if Spid authentication data is 
invalid. 
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(Twice Amended) A method according to claim 4, wherein said 
identifier Comprises data indicating the number of times an invalid 
authenticator has been received from said client terminal. 



6. (1Wice Amended) A method according to claim 5, wherein said 
method comprised issuing no further identifier to said client terminal if an 
identifier received ftrom said client terminal indicates that a predetermined 
number of invalid authentic ators have been received from said client terminal. 



7. (Thrice Amended) A method according to claim 1, comprising 
timing out said identifier as Vn identifier of a terminal of a currently 
authenticated user if no document request is received from said client terminal 
for a predetermined period. 

8. (Thrice Amended) A\nethod according to claim 1, comprising 
authenticating said user for access to a plurality of Web servers located in the 
same Internet domain; and 

enabling each of said Web servers t& validate document requests from 
the client terminal, which requests include said identifier, by checking said 
status data on receipt of a document request. 



9. (Twice Amended) A method of operating an authenticating 
server system for authenticating users at client terminals remotely connected 
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via a dka communications network, to control access to a plurality of resource 
servers, said method comprising performing the following steps in said server 
system: \ 

1 storina in at least one of the resource servers authentication details and 



performingvat the at least one of the resource servers remote 
authentication of a user by reference to said stored authentication details and 
during said remote authentication step generating the access status data of the 
user, distinguishing said user from other users which are not currently 
authenticated, and a secret encryption key shared with said user; 

storing said access status data in the at least one of the resource servers 
to check an authentication statufe of said user by using an identifier for the 
client terminal received in a service request to check the stored access status 
data; and \ 

storing said shared secret key in a data store accessible by at least one of 
said resource servers for use during communications with said user. 




cess status data of authorized users; 



10. (Twice Amended) A metho&according to claim 9, wherein said 
remote authenticating step comprises issuing ^challenge to the client terminal, 
receiving a response to said challenge, and verifying said response. 
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JSl . (Twice Amended) A method according to claim 9, further 
comprising: updating said access status data for an authenticated user following 
said storing Mep. 



\ 12. (Amended) A method according to claim 11, wherein said 
updating step is performed in response to a time-out associated with said access 
status data. \ 

13. (Amended) \A method according to claim 11, wherein said 
updating step is performed inVesponse to access by one of said resource servers 
to said access status data. \ 

14. (Thrice Amended) A method according to claim 12, wherein 
said updating step is performed in response to a request by the client terminal. 

15. (Thrice Amended) A methooaccording to claim 9, wherein said 
identifier is an IP address of the client terminal 

16. (Thrice Amended) A method according to claim 9, wherein said 
authentication step comprises issuing said identifier to the client terminal. 
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